Keystrokes can be recovered remotely

Researchers find they can recover usernames and passwords remotely by listening to the electromagnetic waves broadcast by the keyboard itself.

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

Oct. 22, 2008 3:19 p.m. PT

2 min read

Wired keyboards, like those found on desktop PCs, emit electromagnetic waves that can be read remotely, according two Swiss researchers.

Researchers Martin Vuagnoux and Sylvain Pasini of the Swiss Security and Cryptography Laboratory at LASEC/EPFL, were able to recover keystrokes from wired keyboards at a distance up to 20 meters (about 65 feet), even through walls, simply by reading the electromagnetic emanations of the peripheral device. The experiments focused on wired keyboards attached to a computer either by PS/2 or USB connections.

In two videos, Vuagnoux demonstrates the attacks.

In the first video, he shows how only the keyboard was monitored in the attack. He removed the monitor and the tower. He then attached a laptop, but powered it by battery to reduce other sources of electromagnetic emanation from the test site. Then Vuagnoux types in "Trust no one" on the wired keyboard. A minute later, a program reading the electromagnetic emanations displays the text string "trust no one" on the testing system.

In a second video, a battery-powered laptop with a wired keyboard attached via a PS/2 connection was placed in a second room several feet away and obscured by a wall. In the original room, the testing system, using a high powered antenna, was able to recover the password, in this case "password," and display the word.

Both authors conclude that "a vulnerability on these devices will definitely kill the security of any computer or ATM." They further recommend that wired keyboards should not be used to transmit users' names and passwords.

Sound arcane? The U.S. government doesn't think so. Preventing such a scenario is one of the goals behind a project called "Tempest," an acronym for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions. While many think Tempest is an active eavesdropping operation, it's really a set of government standards designed to dampen electronic emissions escaping government offices. Hardware makers are using these standards to create equipment that doesn't emit strong electronic signals.

A full paper on these observations is under peer review and will be published soon, according to the authors.